Linux, At Your Service
Submitted by BobW on Friday, November 21, 2003 - 03:20

For the first few years of working with Linux I heard people talk about ports, protocols and services and I just hoped I could ignore them and keep getting my work done. Usually, this was the case but I eventually decided to bite the bullet and see what all this was about. This article won't tell you everything there is to know but it should help you put together the pieces.

One of the most helpful crib sheets in learning about all this stuff is a file on your system. In virtually all systems it is named /etc/services. It is just an plain ASCII file which provides a mapping between textual names for services and their assigned port numbers and protocol types. You may have noticed that all three buzzwords appeared in that one sentence. They appear in that file as well. I include a few lines from that file to give you an idea what I am talking about. I have included the comments from the top of the file so we can talk about them as well.

# Network services, Internet style
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# This list could be found on:
# (last updated 2002 January 15)
# The port numbers are divided into three ranges: the Well Known Ports,
# the Registered Ports, and the Dynamic and/or Private Ports.
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
# The Well Known Ports are assigned by the IANA and on most systems can
# only be used by system (or root) processes or by programs executed by
# privileged users.
# Ports are used in the TCP [RFC793] to name the ends of logical
# connections which carry long term conversations.  For the purpose of
# providing services to unknown callers, a service contact port is
# defined.  This list specifies the port used by the server process as
# its contact port.  The contact port is sometimes called the
# "well-known port".
# To the extent possible, these same port assignments are used with the
# UDP [RFC768].
# The range for assigned ports managed by the IANA is 0-1023.
# Port Assignments:
#                 0/tcp    Reserved
#                 0/udp    Reserved
tcpmux          1/tcp           # TCP Port Service Multiplexer
tcpmux          1/udp           # TCP Port Service Multiplexer
ftp-data        20/tcp          # File Transfer [Default Data]
ftp-data        20/udp          # File Transfer [Default Data]
ftp             21/tcp          # File Transfer [Control]
fsp             21/udp          # official is File Transfer, ftp use no udp
ssh             22/tcp          # SSH Remote Login Protocol
ssh             22/udp          # SSH Remote Login Protocol
telnet          23/tcp          # Telnet
telnet          23/udp          # Telnet

There is a whole lot to talk about already. If you look at the last few lines you will see lines that start with ftp, ssh and telnet. If you have never heard of any of those names you probably need to read a different article. However, if you do know what they are, a light may have just come on for you.

What these lines tell you is that ftp uses ports 20 and 21, ssh uses port 22 and telnet uses port 23. If you use command line versions of these programs you might have noticed you could specify a port number. If you are curious, type ftp --help or telnet --help and see what you get. With ftp, you use the -P option to specify a port. With telnet, the port number just follows the hostname. With either command, the port number is optional. What that means is that if you don't specify it then the program uses the default port.

Looking back at the file you can see that each port number is followed by a slash and "tcp" or "udp". These are two standard Internet protocols. UDP is connectionless. What this means is that one computer can sent a message to another computer without asking permission first. The problem is that the sender will not know if the other system ever received the message. The buzzword here is unreliable.

The TCP protocol is reliable which just means that the sender and receiver talk to each other to make sure everything worked. Each protocol has a purpose. For example, when the systems want to establish a connection, sending a UDP message to that effect makes sense. It is just faster and easier.

So far, we have been talking about services that run on well known port numbers. Here are a few more that will likely be familiar to you.

smtp            25/tcp  mail    # Simple Mail Transfer
smtp            25/udp  mail    # Simple Mail Transfer
http            80/tcp          # World Wide Web HTTP
http            80/udp          # World Wide Web HTTP
pop2            109/tcp         # Post Office Protocol - Version 2
pop2            109/udp         # Post Office Protocol - Version 2
pop3            110/tcp         # Post Office Protocol - Version 3
pop3            110/udp         # Post Office Protocol - Version 3
nntp            119/tcp         # Network News Transfer Protocol
nntp            119/udp         # Network News Transfer Protocol
imap            143/tcp imap2   # Internet Message Access Protocol
imap            143/udp imap2   # Internet Message Access Protocol
imap3           220/tcp         # Interactive Mail Access Protocol v3
imap3           220/udp         # Interactive Mail Access Protocol v3
imaps           993/tcp         # imap4 protocol over TLS/SSL
imaps           993/udp         # imap4 protocol over TLS/SSL

You will certainly know about port 80. In addition, you can see that the various mail protocols have an assortment of ports. imaps is a secure connection for fetching your mail from a mail server. I should mention that you now can see two uses of the word protocol. First, in TCP or UDP and second in the protocol of the actual content. For example, SMTP stands for Simple Mail Transfer Protocol. Don't get confused--TCP and UDP have to do with the protocol for getting the message to the other end. The second use of the word protocol has to do with the specifics of the message content.

SMTP is the most common way a computer sends email to another computer. Your computer might send the message directly or it might send it thru what is called a smart host. In any case, the mail message is transfered by some computer connecting to the recipient computer using port 25 and then communicating using the SMTP protocol. This is a simple protocol and you can use your local telnet command to explore how it works. Just for kicks, try a command like this
telnet 25
but replace with a computer that is listening on port 25. I tried

You should see a message about the connection succeeding and then you are likely to not even get a prompt. If you are connected, try typing help and pressing the Enter key. Generally you will get a terse message of the commands that are supported. Here is what I got.

sid@firefly:/tmp> telnet 25
Connected to
Escape character is '^]'.
220 ESMTP Exim 3.35 #1 Sun, 16 Nov 2003 11:44:51-0800
214-Commands supported:
221 closing connection
Connection closed by foreign host.

Is this starting to make some sense? Ok, let me give you a new buzzword. When I performed the telnet connection, the remote computer was listening on port 25. This is actually just what it sounds like. There was a programming running that was just waiting for someone to try to connect to port 25. When telnet sent the request, that program established the connection. Some programs that are listening can only connect to one computer at a time, others can handle multiple connections.

Finally, I want to explain about the registered ports, which are the ports whose numbers are above 1024. In order for a program to listen on the ports that we have already covered, it has to be started as root. This didn't mean the program continued to run as root. This is actually pretty common. The apache web server, for example, is generally started as root, it does any necessary setup such as binding to port 80 and then changes it user ID to something less powerful--generally nobody or some other ordinary user.

On these higher numbered ports, any program can bind to them. Below I have included a few of the more common ones.

mysql           3306/tcp        # MySQL
mysql           3306/udp        # MySQL
x11             6000/tcp        # X Window System
x11             6000/udp        # X Window System
x11             6019/tcp        # X Window System
x11             6019/udp        # X Window System
x11             6063/tcp        # X Window System
x11             6063/udp        # X Window System
gnutella-svc    6346/tcp        # gnutella-svc
gnutella-svc    6346/udp        # gnutella-svc
gnutella-rtr    6347/tcp        # gnutella-rtr
gnutella-rtr    6347/udp        # gnutella-rtr
http-alt        8008/tcp        # HTTP Alternate
http-alt        8008/udp        # HTTP Alternate
http-alt        8080/tcp        # HTTP Alternate (see port 80)
http-alt        8080/udp        # HTTP Alternate (see port 80)

The first one, mysql, should help explain why it doesn't seem to matter if MySQL is running on your local computer or another system. Communication with it is thru a port so the only thing that changes is the hostname in the connection message.

Ports 8008 and 8080 are of interest if you are testing out a new web server or want to run more than one web server on the same computer. Because you don't have to be root to bind to ports 8008 or 8080 you can test a web server or even run one on a machine where you don't have root access.

I hope this introduction to ports, protocols and services has been helpful to you. I welcome your comments.